What I want to do
Make a simple socket connection to a server on the browser. I want to not send any header information with the socket connection.
The Problem
It looks like I am unable to make a socket connection with javascript that does not send header data (Is there a way to do a tcp connection to an IP with javascript?).
I thought maybe I could make a connection with a chrome extension, however it looks like the socket API is only available for chrome apps (Google Chrome Socket API in extensions).
I am thinking that I might need to make a native application that will make socket connections through requests made by the browser using Native Messaging.
Is there anyway I can achieve this or am I out of luck?
Raw socket connections through the browser are wrapped up in security concerns. Users can be easily manipulated to allow things to run that shouldn't.
TCP and UDP Socket API
W3C Editor's Draft 20 January 2016
is located here.
http://raw-sockets.sysapps.org/
Mozilla's API information here: https://developer.mozilla.org/en-US/docs/Archive/B2G_OS/API/TCPSocket "This API is available on Firefox OS for privileged or certified applications only."
If you work with raw TCP connections. I would suggest
(1) downloading PHP onto the local computer. PHP has a developer web host build in so you can run whatever application you want on PHP using the browser as your GUI.
(2) download node.js.
You are not out of luck you just need to achieve it with the understanding that you are working outside the box for normal browser based scripting created from security concerns, and that means the user/client needs to install something manually.
If you must use chrome browser on the client side, you will need to make an -extension- correction webapp. You can as a developer make one that you can use on your own computers.
https://developer.chrome.com/extensions/getstarted
https://developer.chrome.com/apps/first_app
Load the extension#
Extensions that you download from the Chrome Web
Store are packaged up as .crx files, which is great for distribution,
but not so great for development. Recognizing this, Chrome gives you a
quick way of loading up your working directory for testing. Let's do
that now.
Visit chrome://extensions in your browser (or open up the Chrome menu
by clicking the icon to the far right of the Omnibox: The menu's icon
is three horizontal bars. and select Extensions under the Tools menu
to get to the same place).
Ensure that the Developer mode checkbox in the top right-hand corner
is checked.
Click Load unpacked extension… to pop up a file-selection dialog.
Navigate to the directory in which your extension files live, and
select it.
Alternatively, you can drag and drop the directory where your
extension files live onto chrome://extensions in your browser to load
it.
If the extension is valid, it'll be loaded up and active right away!
If it's invalid, an error message will be displayed at the top of the
page. Correct the error, and try again.
This insures that non developers don't load an extension which does not comply with the normal security concerns.
Communicating between with the script on the web page to the extension.
Can be done with message passing ... https://developer.chrome.com/extensions/messaging
The extension can add content directly to the web page which is available to the script on the web page. If for example the extension replaced the web cam image with a static image when the webcam script reads what it believes is the webcam it gets the static image instead, which explains why I look like an alien from space on the webcam. Although I did not create an extension to do that, I merely modified an existing extension to replace the function that gets the webcam image with a function to get a static image.
You can use SignalR, it is javascript library (JQuery Plugin) and it enables you to open web sockets from the browser to a server. Please check the following links:
https://blog.3d-logic.com/2015/03/29/signalr-on-the-wire-an-informal-description-of-the-signalr-protocol/
http://blog.teamtreehouse.com/an-introduction-to-websockets
https://github.com/SignalR/SignalR
Related
I'm looking for leads on how to capture web page metadata from the current browser page. I want to create a feature in my application that will allow the user to press a hot key and record meta data from the web page currently open in the user's browser. My application will be running minimized, this feature is to be activated by a global hot key.
I'm using nw.js (formerly Node-Webkit) to create this application, so ideally, the solution would be javascript running in a desktop installation of Node.js. If this is not practical, I understand that I can call platform specific code from nw.js, so solutions developed in any desktop os language would be of interest.
My application targets OS X and Windows.
I'm hoping to capture metadata from all major modern browsers (Chrome, Firefox, Safari and IE 10+).
At a minimum I need to capture the page url, but I also want to capture Keywords, Description and highlighted text for the source web page.
I need to implement this function without modifying the source webpage in any way, and I prefer to avoid the need for browser extensions, bookmarklets or plugins.
If a solution exists using a remote controlled browser extension (no user interaction) that would be of interest, but ideally I want to avoid requiring the end user to install or interact with anything but my application.
My search to date has located no information on reading web page information from applications outside the browser.
Any thoughts or leads are much appreciated.
I want to write an Extension for the google chrome browser which reads some links from a website and copy these links into a file. I want to send this file via ssh to another computer in my local network.
How can I setup and use a ssh connection in my chrome extension?
Assuming you mean scp, not ssh, here are your options:
Set up a WebSocket proxy. Write JavaScript to send the XHR-fetched ArrayBuffer. WebSockets can go over SSL, so you'll probably be satisfied with that rather than implementing SSH in JavaScript (and then scp over that).
Same idea but an HTTP proxy. This would be pretty painful. See Web-based SSH for overview.
Write a Chrome App, thereby getting access to chrome.sockets. Implement SSH in JavaScript. See paramikojs to get started.
Chrome App, Native Client. This can actually work; see Secure Shell. Add scp functionality.
The Chrome-App-based solutions raise a separate question of how to get the web content. You might be able to use Chrome Apps webview. Or you can message the content between the app and a Chrome Extension.
There are probably other approaches as well. But you get the idea: you have a lot of coding ahead of you.
I'm planning to make a login system by USB, so if you put in a USB-drive and open a specific webpage, the website asks the USB-drive for the code (e.g. by a JavaScript file, a redirect or something like that).
The problem is, because of sandboxing, you can't load or redirect to local files. I don't know a solution for this problem. Can you guys help me? I don't need specific code, just an example or something in that way.
Maybe you can read up on USB-HID. Wikipedia:
The USB human interface device class (USB HID class) is a part of the USB specification for computer peripherals: it specifies a device class (a type of computer hardware) for human interface devices such as keyboards, mice, game controllers and alphanumeric display devices.
Here are some references:
USB HID (Human Interface Device)
node-hid - Access USB HID devices from node.js
DepthJS: 'Allows any web page to interact with the Microsoft Kinect using Javascript'.
A related Stackoverflow question:
Write data to USB HID using Javascript, HTML5, or any cross platform language (supports Android)
One other possibility is to check out the Chrome HID (Human Interface Device) APIs:
Interacting with USB HID devices from web apps – via Chrome Apps, see below
Relevant Chrome API docs
Please note that for the time being, you cannot interact directly with the USB device (i.e. you cannot access any WebAPI offering that kind of fine-grained control).
Building a Chrome App (different from a Chrome Extension) may help; This article may point you in the right direction, since it also provides sample code.
The only way I can think of is putting a html file on the usb stick that essentially generates some sort of login token and gives you a link or a form to a login processor. You can then access the webpage by opening the local file first which will redirect you to the actual webpage.
This local script may include a javascript from the server to get some challenge-response-data which it hashes somehow (perhaps in combination with a password) and puts it into the form data.
Web PKI authentication from Modern Browsers may be achieved by using Browser Extension. One such extension is Signer.Digital browser extension. Use below Javascript promises from the APIs provided by Signer.Digital extension.
SignerDigital.getSelectedCertificate() to register user's certificate
SignerDigital.signHash(hash) to sign token at browser and verify at server
For all Javascript APIs refer to SO Answer https://stackoverflow.com/a/63173083/9659885
Disclaimer : I work for a company supporting the application below
Hello, you may try to use Nexu open-source application for communication with smartcards or USB tokens. It also support PKCS 12 keystores.
For example, the application is connected to the DSS webpage on the website of European Commission : see the link.
For enterprise intranet web application, is there any way to create a desktop shortcut of web application on user's desktop? I'm looking for functionality similar to Google Gears, but without installing Google Gears. I'm looking to give user's a link on web application that says "Click here to install desktop shortcut", when they click on it, a desktop shortcut is installed with the custom icon for our application. Is there a way to do it using javascript or any other client side technologies? I don't want to run any exe on user's machines. Even though it's intranet, I have to jump through lot of corporate hoops, compliance approvals, etc to run exe on their machine. We are trying to avoid that, due to time constraints. User machines are windows XP with IE6 installed. They may all upgrade within next year's time to Windows 7 with IE8. Intranet web application in question is developed using asp.net 3.5, c#.
If this is really a corporate environment then just go talk to the network operations team.
It should be trivial for them to add something to the login script to push this link to the people's desktops.
More Info:
http://www.petri.co.il/forums/showthread.php?t=6154
http://social.technet.microsoft.com/Forums/en/winserverGP/thread/02a7bfbb-180f-40eb-82e3-2343b2bf31eb
Alright, at first I thought that this was an impossible task, until I realized that it's not.
A shortcut is just a file, and we all know you can download files from links.
I'm not sure how well windows shortcuts can be transferred from computer to computer, but I would assume that a shortcut with a location like http://www.google.com/ is not tied to any specific windows machine.
You could zip the shortcut, and point the link to the location of the zip file. Tell the users to unzip the file and place the shortcut. You may be able to just serve the shortcut, but you'd have to give the right headers, and probably specify application/octet-stream or something like it.
Alternatively you can tell them to right click, go to new -> shortcut, and copy-pasta the url into the location box.
Alternatively you could write a batch file for the users to download that opens a url in the default browser.
I know it's not quite as direct as click-button -> receive bacon but it will work.
Try looking at SaveAs
document.execCommand("SaveAs", false, "url to desktop");
The user will still have to click save and it only saves a HTML page. You would have to open a hidden IFrame containing a web application and call .execCommand on the iframe's document.`
You can create a shortcut (.lnk) file in a directory in your site and put it as the Url for a hyperlink so the users right click and save as they download the .lnk file. Your server will need the mime-type .lnk application/x-ms-shortcut adding.
The icon can be done by putting it on a network location and using the "Change icon" function to refer to this network location. This works on Windows. I suppose it could be adapted for each OS required?
Let's say I've got a website that works better if a client has installed and logged into a desktop application. I'd like to be able to do 2 things:
Alter the website if they haven't installed the app (to make it easy for them to find a link to the installer)
If they've installed the app on a couple of machines, determine which machine they are browsing from
I'd like something that works on Windows and OSX, on any of the major browsers. Linux is a bonus.
A few thoughts:
Websites can detect if you've got Flash installed. How does that work and could it be used for both of my goals?
Could I just let the client serve HTTP on localhost and do some javascript requests to fetch a local ID? I know google desktop search did something like this at one point. Is this a standard practice?
Thanks!
You can register a protocol from your desktop application (see this). This can be used, for example, to open your desktop application with arbitrary data from the website. You could then have your desktop app send a HTTP request to your webserver, telling it what machine you are on.
You can have a browser plugin (activex for IE or Netscape plugin for the rest of the browsers) that can communicate with the application. When the webpage is loaded, it can try to instantiate the plugin and if it succeeded, it can use it as a proxy to the application. If it fails, then either the app is not installed or the plugin was explictly disabled by the user. Either way, your website should degrade its functionality accordingly.
Update: Forgot to answer your questions:
Flash does it exactly this way. Flash is a browser plugin that is created by the web pages.
You can have a machine ID generated at the application/plugin install time and your plugin can pass that machine ID to the webpage when it is created.
On the topic of using local webserver:
I would stay away from having a local webserver, mainly because of security considerations. It takes quite a lot of work to make sure your local webserver is locked down sufficiently and there are no XSS vulnerabilities that other malicious websites can exploit to make it do stuff on their behalf.
Plus, having a webserver means that either it has to run as a system-wide process, or if it runs as the user, you can have the website interact with only one user's instance of the application, even though multiple users can be logged on and running it at the same time.
Google Desktop Search suffered from both the XSS security vulnerability (though they fixed it) and the limitation of only one user being able to use it on a machine (I don't know if they fixed this one yet, though chances are they did).
Websites can detect if you've got Flash installed.
Actually, I believe a browser can detect if you have the Flash plugin for the browser installed, and webpages can offer "installed" and "uninstalled" option that the browser can choose.
Otherwise, you are asking for a means, by putting some code in a webpage, of being able to analyze a user's home computer, and report what it learned to you website.
Can you say Major Security Hole?
If you can pick a development environment for the desktop app, then check out AIR from Adobe. It lets you develop desktop applications using either html/javascript, Flash, or Flex.
It has API calls you can use from a browser based flash app to see if the desktop based AIR app is installed, what version, etc. You can even launch it and pass parameters from the web app to the desktop app.
http://www.rogue-development.com/blog2/2008/03/interacting-with-an-air-app-from-a-browser-based-app/
Websites can detect if you've got Flash installed. How does that work and could it be used for both of my goals?
it's quite a bit simple, your browser tries to render some additional files, with some specific formats such as flash .swf and I the browser doesn't find installation, then will be start downloading, or you will get the option to download that program.
Flash also uses AC_RunActiveContent.js please take a look at this js, people usually put this on their webpages
if (AC_FL_RunContent == 0) {
alert("This page requires AC_RunActiveContent.js.");
} else {
AC_FL_RunContent( 'codebase','http://download.macromedia.com/pub/shockwave cabs/flash swflash.cab#version=8,0,0,0','width','981','height','635','id','build5','align','middle','src','build5','quality','high','bgcolor','#ffffff','name','build5','allowscriptaccess','sameDomain','allowfullscreen','false','pluginspage','http://www.macromedia.com/go/getflashplayer','movie','build5' ); //end AC code
}